Firefox 14 arrives with “secure search”

Mozilla has also removed favicons from the browser's navigation bar.

Mozilla announced today the release of Firefox 14, a new version of the open source Web browser. The update includes a number of minor new features, improved security, and enhanced support for modern Web standards.

The most noteworthy change is the secure search feature. The behavior of the browser’s built-in search bar was changed so that it will use an SSL-encrypted HTTPS address by default for all of a user’s Google searches, ensuring that the queries can’t be intercepted by packet sniffing. Mozilla first announced the secure search feature back in May when it was rolled out in the Aurora channel. It’s enabled by default in Firefox 14 but only works with Google searches at present; Mozilla is interested in working with other search engine providers to expand support.

To further improve security in Firefox 14, Mozilla has changed the way that SSL use is presented in the browser. The new version will no longer display a favicon in the URL bar next to the site address. Instead, it will display either a globe or a padlock, depending on whether the site has SSL enabled.

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon, but the change should also visually simplify the Firefox navigation toolbar. Site favicons are still displayed in the browser tabs.

On the standards front, Firefox 14 introduces official support for the Pointer Lock API, which allows a Web application to capture raw input data from the user’s mouse and lock its movement so that it is confined to a certain page element. This functionality has a wide variety of potential uses, particularly for interactive gaming.

Recent Firefox releases are embarassing, and Australis is cringe-inducing. Cargo-culting whatever Chrome does won't get them their mindshare back, why should anyone use the copy if the original is right there?

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon

Why does Firefox need to ape Chrome all the time? I can think of at least two different ways to achieve the same effect: a) use a separate graphic indicator for secure sites, or b) change the background colour of the URL address field.

Recent Firefox releases are embarassing, and Australis is cringe-inducing. Cargo-culting whatever Chrome does won't get them their mindshare back, why should anyone use the copy if the original is right there?

Because Firefox has a much more powerful extensions system. Chrome's addons are severely limited in comparison, and there are simply no true equivalents for addons like TreeStyleTab, Pentadactyl, and others that radically reshape the browser. This is by design on Chrome's part, and unlikely to change.

But considering the tone of your post, you probably aren't looking for actual answers, which is a shame, because I think there is a decent discussion there.

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon

Why does Firefox need to ape Chrome all the time? I can think of at least two different ways to achieve the same effect: a) use a separate graphic indicator for secure sites, or b) change the background colour of the URL address field.

Because the padlock icon is instantly understandable. A color can mean many things not immediately associated to security or privacy.

The who-copied-what discussion with all its emotionally invested participants is tiring and irrelevant. So what if Firefox copies features from Chrome. I'm sure Chrome copied a whole lot of features from Firefox/Opera/Safari when Google was developing the first version (and probably later versions as well). If the result is better browsers for all, why complain?

Personally, I have gotten used to Firefox. Back when FF was on version 3.6 I contemplated switching, but since FF4 I have not really felt hampered by the browser, and I figure Google already knows enough about me.

What is the fascination with copying by some people on the comments board. As though it is some major crime.

I'm sure all these people who are complaining have cars that don't have round wheels. I mean, after all, who wants to buy a car that copies other peoples way of doing things. No doubt they also steer with their pedals and accelerate with their hands, whilst facing the wrong way, in the back seat.

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon

Why does Firefox need to ape Chrome all the time? I can think of at least two different ways to achieve the same effect: a) use a separate graphic indicator for secure sites, or b) change the background colour of the URL address field.

Because the padlock icon is instantly understandable. A color can mean many things not immediately associated to security or privacy.

Not impressed with Firefox anymore. None of these additions are innovated or unique. Any browser can do what most users want them to. Some how we think their will eventually be a winner and I doubt now that will happen. Even Microsoft must admit that their is no clear reason to use any particular browser. A lot of what makes Google's Chrome browser popular is its connection to Google's ecosystem. Without that its just another good browser. Firefox seems to be left out in the cold as simply another browser that does have a large extension support system. But for many it really does not do that as well as it used to. The frequent updates have simply broken and re broken add ons that users find them less useful. To me Firefox has become a browser only solution which much like Opera is just another good browser. These days you need to be more.

Firefox seems to be getting slower and more unstable with every release. I'm starting to miss the old FF 3.6 days.

Sometimes I boot up and old machine here at work, and it has Firefox 3.x on it, and it's amazing how quickly it opens, even on the old P4 machines with 80GB HDDs. Opens and gets down to business faster than Firefox 12 on a SSD powered i5 machine.

Isn't the search term still passed in the URL and therefore readable by any packet sniffer?

It is not readable, no. The only thing visible is the host name. The actual requested path on the server would be part of the HTTPS request itself once the connection to the server has been established, hence it will be encrypted and not visible to outside eyes.

As you can see the last step happens once secure channel is already present, hence the URL is not visible to the outsiders.

This way, by using HTTPS with google at all times, for example your ISP will not be able to spy on your searches normally. In general I am paranoid enough to use HTTPS with any site that supports it. There are just too many trackers etc. around, I would like to preserve that last little shred of privacy.

PS. Another website that fully supports HTTPS access is wikipedia.org.

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon

Why does Firefox need to ape Chrome all the time? I can think of at least two different ways to achieve the same effect: a) use a separate graphic indicator for secure sites, or b) change the background colour of the URL address field.

Because the padlock icon is instantly understandable. A color can mean many things not immediately associated to security or privacy.

Green = httpsAmber/orange = httpRed = recognised attack site

Seems fairly easy to understand

Yeah, except Green doesn't signal "security". It can signal anything from "Input valid" to "Biodegradable", but I don't think "Secure".And an orange adressbar would get annoying since it seems to call attention - most sites aren't SSL so that would irritate me.

The padlock is much less ambiguous, though it could be supplemented with a color. A Favicon in the adressbar is superfluous anyway, since the favicon in the tab is *right above it* already.Besides, that other browsers use the same mechanism is a GOOD THING. UI design relies on conventions and standard solutions to be effective - if everyone re-invent design-concepts for trivial aspects of an UI, users will be confused and lost.

The new behavior in Firefox is similar to what Google does in Chrome. Mozilla adopted it in Firefox in order to prevent malicious sites from misleading the user by displaying a padlock favicon

Why does Firefox need to ape Chrome all the time? I can think of at least two different ways to achieve the same effect: a) use a separate graphic indicator for secure sites, or b) change the background colour of the URL address field.

Because the padlock icon is instantly understandable. A color can mean many things not immediately associated to security or privacy.

Green = httpsAmber/orange = httpRed = recognised attack site

Seems fairly easy to understand

Yeah, except Green doesn't signal "security". It can signal anything from "Input valid" to "Biodegradable", but I don't think "Secure".And an orange adressbar would get annoying since it seems to call attention - most sites aren't SSL so that would irritate me.

The padlock is much less ambiguous, though it could be supplemented with a color. A Favicon in the adressbar is superfluous anyway, since the favicon in the tab is *right above it* already.Besides, that other browsers use the same mechanism is a GOOD THING. UI design relies on conventions and standard solutions to be effective - if everyone re-invent design-concepts for trivial aspects of an UI, users will be confused and lost.

L.

Green signals safety and security, traffic lights, emergency exit signs, etc.Instead of orange in the background have a plain white one, indicating normal, like it is now.

Padlock makes just as much sense, there are alternatives to the cloning of Chrome though

"On the standards front, Firefox 14 introduces official support for the Pointer Lock API, which allows a Web application to capture raw input data from the user’s mouse and lock its movement so that it is confined to a certain page element. This functionality has a wide variety of potential uses, particularly for interactive gaming."

This sounds quite nasty...

"It gives you access to raw mouse movement, locks the target of mouse events to a single element, eliminates limits on how far mouse movement can go in a single direction, and removes the cursor from view."

"Pointer Lock lets you continue to access mouse events even when the cursor goes past the boundary of the browser or screen."

"* It is persistent. Pointer Lock does not release the mouse until an explicit API call or the user uses a specific release gesture. * It is not limited by browser or screen boundaries. * It continues to send events regardless of mouse button state. * It hides the cursor."

WHY WOULD I WANT THESE THINGS??? We have enough problems with malware sites out there without them being able to track what my mouse is doing outside the browser or locking the mouse to specific spots on their page until I have to click their malware install button.

Screw gamers, there is *NOTHING* good about this API that outweighs its potential to destroy your machine.

Firefox seems to be getting slower and more unstable with every release. I'm starting to miss the old FF 3.6 days.

Sometimes I boot up and old machine here at work, and it has Firefox 3.x on it, and it's amazing how quickly it opens, even on the old P4 machines with 80GB HDDs. Opens and gets down to business faster than Firefox 12 on a SSD powered i5 machine.

That sounds really odd. There might be a problem with your profile. Type in "about:support" in the URL bar, you should now see a "Reset Firefox" button to the right. This will reset Firefox by creating a new profile but it will also copy over your history, saved passwords etc.

Note though that you will have to re-install your add-ons. It might be worth it though, since this might fix your problems.

"On the standards front, Firefox 14 introduces official support for the Pointer Lock API, which allows a Web application to capture raw input data from the user’s mouse and lock its movement so that it is confined to a certain page element. This functionality has a wide variety of potential uses, particularly for interactive gaming."

This sounds quite nasty...

"It gives you access to raw mouse movement, locks the target of mouse events to a single element, eliminates limits on how far mouse movement can go in a single direction, and removes the cursor from view."

"Pointer Lock lets you continue to access mouse events even when the cursor goes past the boundary of the browser or screen."

"* It is persistent. Pointer Lock does not release the mouse until an explicit API call or the user uses a specific release gesture. * It is not limited by browser or screen boundaries. * It continues to send events regardless of mouse button state. * It hides the cursor."

WHY WOULD I WANT THESE THINGS??? We have enough problems with malware sites out there without them being able to track what my mouse is doing outside the browser or locking the mouse to specific spots on their page until I have to click their malware install button.

Screw gamers, there is *NOTHING* good about this API that outweighs its potential to destroy your machine.

There are colour blind people out there. So you design using colour as a secondary indicator.

This is what I wanted to say. Even more so considering red/green color blindness is one of the most common.

I'm one of those colourblind people, the new metro interface with white on bright yellow buttons, is particularly aggravating. Deep colours are identifiable, it's bright ones that are the struggle. Compare the UI in Battlefield 2 which used deep colours which were visible to all with Bad company 2 which used highlighter colours and wasn't

WHY WOULD I WANT THESE THINGS??? We have enough problems with malware sites out there without them being able to track what my mouse is doing outside the browser or locking the mouse to specific spots on their page until I have to click their malware install button.

Screw gamers, there is *NOTHING* good about this API that outweighs its potential to destroy your machine.

Do you have any source that you can refer to or are you just speculating and therefore spreading FUD?

WHY WOULD I WANT THESE THINGS??? We have enough problems with malware sites out there without them being able to track what my mouse is doing outside the browser or locking the mouse to specific spots on their page until I have to click their malware install button.

Screw gamers, there is *NOTHING* good about this API that outweighs its potential to destroy your machine.

Do you have any source that you can refer to or are you just speculating and therefore spreading FUD?

If google puts a good feature into their browser, I WANT firefox to copy it. Anything to make the web better is good for all of us. Its not like chrome didnt copy other browsers. Oh noes, google chrome has tabbed browsing and extensions. What copycats!

Chrome is only successful because of the years of work that Mozilla did on standards support to break away from an IE specific web. Something Safari was never able to do. Just by being an important part of the market share, Firefox prevents another single company monopoly which would be disastrous for the web (again).

You really want to know why Mozilla imitates the APPEARANCE of other web browsers? Its because they are not in first place market share wise. So back in the old days, people were switching from IE to Firefox. Guess what firefox looked like.... IE! Now they are trying to convince people to switch from Chrome to Firefox. Guess what firefox _looks_ like.... Chrome!

Its all about comfort. The real differences are beneath the surface anyways. As others have mentioned, Firefox has a much more powerful extension system which google would never allow. Mozilla is also working on plenty of actual innovative projects as well. Such as pdf.js, Shumway, browserID, thimble, ect...

Its pretty dumb when people only look at the latest screenshot and are immediately: OMG looks familiar. I hate it!! >.<

Firefox seems to be getting slower and more unstable with every release. I'm starting to miss the old FF 3.6 days.

Sometimes I boot up and old machine here at work, and it has Firefox 3.x on it, and it's amazing how quickly it opens, even on the old P4 machines with 80GB HDDs. Opens and gets down to business faster than Firefox 12 on a SSD powered i5 machine.

There's probably something wrong with your machine. I have a related situation with 4 office machines and 2 home PCs (laptops / desktop). On one of the 6 machines, Firefox acts weird. When launched the browser window will display and then the HDD will go into a frenzy for about 5-10 seconds before the browser becomes responsive. It's like it's updating to a new version except it does it every single time.

I've tried uninstalling and re-installing to no effect and this machine doesn't have any problems with Chrome, IE, or any other application. None of the other computers have this problem, even some that are older, slower hardware. The Firefox problem only showed up after v4 was released.

EDIT: I just read Dr. Insano's suggestion about resetting the browser from the about:support page. I'm going to try that and see what happens.

What they really need to change is how the browser reacts to self-signed certificates. Instead of throwing a fit and basically telling the user "OMG YOU ARE BEING ATTACKED" it needs to better explain what's going on. Right now, it gives the user the false impression that unencrypted traffic is more secure (because here the browser doesn't show any warnings) than SSL using a self-signed certificate.

WHY WOULD I WANT THESE THINGS??? We have enough problems with malware sites out there without them being able to track what my mouse is doing outside the browser or locking the mouse to specific spots on their page until I have to click their malware install button.

Screw gamers, there is *NOTHING* good about this API that outweighs its potential to destroy your machine.

Do you have any source that you can refer to or are you just speculating and therefore spreading FUD?